Why cybersecurity must go local

The large amount of information on citizens and emergency services held by local authorities means cybersecurity shouldn’t just be a priority for central government

By Tim Ferguson

Fri 4 Jan 2019 @ 16:48

Whether it’s schools, transport, rubbish collection or public safety, the services provided by local government directly affect the lives of people every day. In fact, 60 per cent of the interactions UK citizens have with government are with local authorities.

Central government may seem the more obvious target for cybercriminals, but the ever-increasing amount of sensitive information relating to citizens, budgets, payroll and emergency preparedness that is held on local government systems means cybercriminals are taking an interest.

Another attraction for cybercriminals, particularly state-sponsored actors, is that local authority systems can also provide routes into central government networks and systems, giving local authorities even more reason to be vigilant.

Local government authorities came under attack more than 98 million times between 2013 and 2017, with 29 per cent of councils experiencing a breach of their systems. One of these was Lincolnshire County Council, which suffered a ransomware attack in 2016 that encrypted more than 47,000 files and resulted in a five-day shutdown of IT systems.

The council’s response included isolating the compromised systems and alerting the authorities, including the police and the Cyber Security Information Sharing Partnership, a joint industry and government initiative to exchange cyberthreat information.

The council published a report on the attack and what was learned, something Richard Wills, the council’s executive director for environment and economy with responsibility for IT, suggested is imperative for all local authorities facing the same threats.

Such is the level of threat posed, the Local Government Association has stated that councils should consider it a case of when, not if, a cyberattack will occur. As a result, they must “continuously review, refresh and reinforce their approach to cybersecurity”.

Local government organisations often have a range of legacy systems that operate in silos, making it difficult to get visibility of activity taking place across networks and to keep all systems updated with the latest security patches. While the threat is very real, the lack of a cohesive view makes it almost impossible to monitor staff behaviour on the network and detect insider threats.

Budget constraints and staffing restrictions are also challenges, with local authorities needing to find a way to do more with what they have.

In this context, local authorities need to know where their data is, who is accessing it and from where, and where it is going, if they are to effectively secure their systems. They also need to understand where the physical and electronic boundaries of their security perimeter are.

By implementing security information and event management (SIEM), organisations can monitor across systems and pull together disparate data to create a centralised view. This enables security staff to provide greater oversight, and reduces detection and response times to threats.

With the risk posed by insider threats – from a member of staff clicking on an infected spam email or a disgruntled employee downloading confidential data to sell for profit – the addition of user and entity behaviour analytics (UEBA) can provide a picture of normal system behaviour and automatically flag or even shut down unauthorised activity – something that is particularly useful for overstretched IT staff.

Like central government departments, local government organisations also have compliance requirements, which centralised monitoring and data storage can support. With some local authorities working together to create shared digital services, these capabilities will become even more important.

Local government organisations must make cybersecurity a priority and find ways to overcome the technological and organisational challenges they might face. If they don’t, they will put personal data and the everyday services that citizens rely on at risk.